Пример #1
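 /// <summary>
 /// Runs the end-of-root-element check: enforces the signature requirement and,
 /// when a signature was read, verifies it against the wrapped reader's tokens.
 /// </summary>
 /// <exception cref="CryptographicException">
 /// No signature was read although one is required, or the signature's
 /// SignedInfo is not a WifSignedInfo and therefore cannot be digest-checked.
 /// </exception>
 void OnEndOfRootElement()
 {
     if (null == _signedXml)
     {
         // Fail closed: a required signature that is absent is an error, not a pass.
         if (_requireSignature)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                       new CryptographicException(SR.GetString(SR.ID3089)));
         }
         // NOTE(review): when _requireSignature is false an unsigned document gets
         // past this point with no verification at all; callers must not treat
         // such content as authenticated - confirm at the call sites.
     }
     else
     {
         ResolveSigningCredentials();
         _signedXml.StartSignatureVerification(_signingCredentials.SigningKey);

         // Presumably keeps the enveloped <Signature> element out of the token
         // stream that the digest is computed over - confirm against XmlTokens.
         _wrappedReader.XmlTokens.SetElementExclusion(XD.XmlSignatureDictionary.Signature.Value, XD.XmlSignatureDictionary.Namespace.Value);

         WifSignedInfo signedInfo = _signedXml.Signature.SignedInfo as WifSignedInfo;
         if (null == signedInfo)
         {
             // The 'as' cast yields null for any other SignedInfo type. Report that
             // as a verification failure instead of a NullReferenceException below.
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                       new CryptographicException("The signature's SignedInfo is not a WifSignedInfo; the signature cannot be verified."));
         }

         // NOTE(review): only reference [0] is digest-checked here. Confirm that
         // extra references are rejected elsewhere and that the referred id is
         // matched against the root element, so the digest covers the element
         // the caller actually consumes.
         _signedXml.EnsureDigestValidity(signedInfo[0].ExtractReferredId(), _wrappedReader);
         _signedXml.CompleteSignatureVerification();
     }
 }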
Пример #2
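        /// <summary>
        /// Verifies <paramref name="signature"/> with the supplied key: starts
        /// verification, calls EnsureDigestValidity for this.assertionId over
        /// tokenStream, then completes verification.
        /// </summary>
        /// <param name="signature">The parsed signature to verify; must not be null.</param>
        /// <param name="signatureVerificationKey">The key used to verify the signature; must not be null.</param>
        /// <remarks>
        /// Either argument being null is reported through ThrowHelperArgumentNull.
        /// The three SignedXml calls are order-dependent and are kept in sequence.
        /// NOTE(review): the digest check is tied to this.assertionId; confirm that
        /// this id is the one read from the assertion being returned to the caller.
        /// </remarks>
        void VerifySignature(SignedXml signature, SecurityKey signatureVerificationKey)
        {
            if (signature == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signature");

            // The parameter name passed here was misspelled ("signatureVerificatonKey"),
            // so the reported argument did not match any real parameter.
            if (signatureVerificationKey == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signatureVerificationKey");

            signature.StartSignatureVerification(signatureVerificationKey);
            signature.EnsureDigestValidity(this.assertionId, tokenStream);
            signature.CompleteSignatureVerification();
        }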
 /// <summary>
 /// Resolves the token that produced <paramref name="signedXml"/>, checks its first
 /// key against the algorithm suite, validates the digests of the signed targets in
 /// the security header and returns the resolved token.
 /// </summary>
 /// <param name="signedXml">The signature being verified.</param>
 /// <param name="isPrimarySignature">
 /// True for the primary signature. In that case the token is recorded through
 /// RecordSignatureToken and verification is NOT completed here: the signature is
 /// stored in pendingSignature instead.
 /// </param>
 /// <param name="resolver">Resolver passed to ResolveSignatureToken.</param>
 /// <param name="signatureTarget">Passed through to ValidateDigestsOfTargetsInSecurityHeader.</param>
 /// <param name="id">Passed through to ValidateDigestsOfTargetsInSecurityHeader.</param>
 /// <returns>The token resolved from the signature's key identifier.</returns>
 /// <remarks>
 /// Throws MessageSecurityException (via ThrowHelperError) when the token exposes no
 /// usable key, or when the To-header check below finds no To header or no Id on it.
 /// NOTE(review): on the primary path the token is returned before
 /// CompleteSignatureVerification has run; callers should not rely on the signature
 /// until the pending signature has been completed - confirm where that happens.
 /// </remarks>
 protected override SecurityToken VerifySignature(SignedXml signedXml, bool isPrimarySignature, SecurityHeaderTokenResolver resolver, object signatureTarget, string id)
 {
     SecurityToken signingToken = this.ResolveSignatureToken(signedXml.Signature.KeyIdentifier, resolver, isPrimarySignature);
     if (isPrimarySignature)
     {
         base.RecordSignatureToken(signingToken);
     }

     // Only the first key of the token is ever considered for verification.
     ReadOnlyCollection<SecurityKey> tokenKeys = signingToken.SecurityKeys;
     SecurityKey verificationKey = null;
     if ((tokenKeys != null) && (tokenKeys.Count > 0))
     {
         verificationKey = tokenKeys[0];
     }
     if (verificationKey == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToCreateICryptoFromTokenForSignatureVerification", new object[] { signingToken })));
     }

     // Key size and signature algorithm are checked against the algorithm suite
     // before any verification work starts on the signature.
     base.AlgorithmSuite.EnsureAcceptableSignatureKeySize(verificationKey, signingToken);
     base.AlgorithmSuite.EnsureAcceptableSignatureAlgorithm(verificationKey, signedXml.Signature.SignedInfo.SignatureMethod);

     signedXml.StartSignatureVerification(verificationKey);
     StandardSignedInfo standardSignedInfo = (StandardSignedInfo) signedXml.Signature.SignedInfo;
     this.ValidateDigestsOfTargetsInSecurityHeader(standardSignedInfo, base.Timestamp, isPrimarySignature, signatureTarget, id);

     if (isPrimarySignature)
     {
         // Completion is deferred for the primary signature; it is only parked here.
         this.pendingSignature = signedXml;
         return signingToken;
     }

     // Non-primary signature made with an asymmetric key, without message protection
     // and with addressing in use: the To header must exist, carry an Id, and pass
     // the digest check (presumably binding the signature to the addressed endpoint).
     bool mustCheckToHeader = (!base.RequireMessageProtection && (verificationKey is AsymmetricSecurityKey)) && (base.Version.Addressing != AddressingVersion.None);
     if (mustCheckToHeader)
     {
         int toHeaderIndex = base.Message.Headers.FindHeader(System.ServiceModel.XD.AddressingDictionary.To.Value, base.Message.Version.Addressing.Namespace);
         if (toHeaderIndex == -1)
         {
             throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("TransportSecuredMessageMissingToHeader")));
         }

         XmlDictionaryReader toHeaderReader = base.Message.Headers.GetReaderAtHeader(toHeaderIndex);
         string toHeaderId = toHeaderReader.GetAttribute(System.ServiceModel.XD.UtilityDictionary.IdAttribute, System.ServiceModel.XD.UtilityDictionary.Namespace);
         if (toHeaderId == null)
         {
             throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnsignedToHeaderInTransportSecuredMessage")));
         }
         signedXml.EnsureDigestValidity(toHeaderId, toHeaderReader);
     }

     signedXml.CompleteSignatureVerification();
     return signingToken;
 }